Security

Security is not a feature for us. It is the foundation. Envval exists to keep your secrets safe, and we take that responsibility seriously.

End-to-end encryption

Your environment variables are encrypted on your device before they leave it. The encryption keys are derived locally and never transmitted to our servers. This means we cannot read your secrets, even if we wanted to.

Data in transit

All communication between your device and our servers uses TLS 1.2 or higher. API requests are authenticated using secure tokens that are rotated regularly.

Data at rest

Encrypted data stored on our servers is further protected with AES-256 encryption at the infrastructure level. Database access is restricted and audited.

Infrastructure

Our servers run on trusted cloud infrastructure with regular security patches and updates. We follow the principle of least privilege for all system access.

Reporting vulnerabilities

If you discover a security vulnerability in Envval, please report it to rohitsrawat3002@gmail.com. We appreciate responsible disclosure and will respond within 48 hours.

Please do not open public issues for security vulnerabilities.